[Plugin: Timthumb Vulnerability Scanner] Always finds 2 vulnerable files

  • Wil

    (@gravitationalfx)


    12 years, 10 months ago

    I always get the error message
    “2 vulnerable Timthumb files found. Fix them here.”

    The files are:
    /wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-filescanner.php
    /wp-content/plugins/timthumb-vulnerability-scanner/class-cg-tvs-filescanner.php

    Fixing them prouces the following further error:
    File cg-tvs-filescanner.php at /wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-filescanner.php successfully upgraded.

    File class-cg-tvs-filescanner.php at /wp-content/plugins/timthumb-vulnerability-scanner/class-cg-tvs-filescanner.php successfully upgraded.
    A TimThumb error has occured
    The following error(s) occured:

    No image specified

    Query String : page=cg-timthumb-scanner
    TimThumb version : 2.8.5

    https://www.ads-software.com/extend/plugins/timthumb-vulnerability-scanner/

Viewing 9 replies - 1 through 9 (of 9 total)

  • I have this issue also.
    I tried to update them, recieved the errors and then the scanner no longer worked. So I removed it and reinstalled it.

    These files are from the actual scanner and I am hoping they are ok but it still doesn’t look good on the dashboard!

    Plugin Author Peter Butler

    (@peterebutler)

    Hey Guys –

    Sorry about the mess! I’m guesing this is because you’re working on Windows servers – the plugin should ignore its own files, but on windows servers, it had trouble with that. Ive just released an up date that fixes the issue on Windows servers, so you should be set moving forward.

    Thanks!

    Thread Starter Wil

    (@gravitationalfx)

    Hi Peter,

    Nope it’s not just due to Windows servers. This is happening on my Linux hosted sites.

    Cheerz,
    Wil.

    Plugin Author Peter Butler

    (@peterebutler)

    Hey Wil –

    That’s baffling. Do you, by chance, have a nonstandard wp-content location?

    Thread Starter Wil

    (@gravitationalfx)

    Nope, bog standard LAMP and out-of-the-box WP.

    It’s hosted under Blacknight.com.

    Cheerz,
    Wil.

    I ran timthumb on my linux site yesterday, as I’d done a few times before, this time it crashed the site, giving

    “A TimThumb error has occured
    The following error(s) occured:

    No image specified”

    when trying to view it, necessitating restoring a backup (in the absence of any idea of how to otherwise fix!)

    I’ve now got the red message telling me that there are 2x vulnerabilities, one from my woothemes newspress theme, and one from the connections pro plugin.

    Any suggestion what’s happening here?

    M

    Plugin Author Peter Butler

    (@peterebutler)

    Mark, what’s likely happened is: The scanner plugin tried to fix itself (it flagged itself as a vulnerable timthumb plugin, because of the code in teh plugin to find the plugin). This broke the plugin, which broke your site.

    Unfortunately, I havent been able to nail down why this is happening. If you’re comfortable with it, I’d love to help you sort out hte problem, as well as figure out exactly why it’s happening – if you’re interested, get in touch with me at [email protected].

    Thanks!

    pinged you an email

    That’s baffling. Do you, by chance, have a nonstandard wp-content location?

    I I do, I renamed the wp-content. Any Ideas?
    Thanks ??

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘[Plugin: Timthumb Vulnerability Scanner] Always finds 2 vulnerable files’ is closed to new replies.